Today’s example of “no need to hack if it’s leaking,” Catalin Cimpanu reports: The personal and health information of more than 16 million Brazilian COVID-19 patients has been leaked online after a hospital employee uploaded a spreadsheet with usernames, passwords, and access keys to sensitive government systems on GitHub this month. Among the systems that had credentials…
Category: Exposure
Sophos notifies customers of data exposure after database misconfiguration
Catalin Cimpanu reports: UK-based cyber-security vendor Sophos is currently notifying customers via email about a security breach the company suffered earlier this week. “On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support,” the company said in an email…
Fairchild Medical Center server was exposing patient information for 4.5 years until a security firm alerted them
Ugh. Fairchild Medical Center had a misconfigured server exposing PHI from December 16, 2015 until they were alerted to the problem in late July by an unnamed security company who discovered the exposure. Here’s their press release, below. Note that this does not (yet) appear on HHS’s breach tool. YREKA, Calif., Nov. 25, 2020 /PRNewswire/ — In…
UK: Concern as personal data of 284 diabetic patients breached at NHS Highland
Chris MacLennan reports: A data breach at NHS Highland has led to the personal information of 284 patients with diabetes being shared with more than 30 people. The error, which occurred on Tuesday November 17, led to the names, dates of births, contact information and hospital identification numbers of the patients being revealed. Read more…
Disabled children’s names revealed in Bristol City Council email
BBC reports: The identities of hundreds of families with disabled children have been shared with other parents without their consent by a council, in a “fundamental breach of trust and data”. Bristol City Council sent an email asking for views on a new support service to hundreds of people. The names of all the children…
UK: Second hospital data breach revealed in online papers
Emily Roberts reports: A second data breach has been reported by the trust which runs Basingstoke hospital, after personal data of 1,000 members of staff was shared. Details of the breach which was reported to the Information Commissioner’s Office (ICO) in July, have come to light in meeting papers published by Hampshire Hospitals NHS Foundation…